The number of reported attempts trying to defraud the public by using bogus law firms soared by 57% last year, the Solicitors Regulation Authority (SRA) revealed yesterday.
The news came with the publication of an SRA guide to combating cybercrime, which the regulator brought forward in light of the scam this week targeted at solicitors through an e-mail that appears to be from the SRA itself.
According to Spiders in the Web, the SRA received 549 reports of fake firms in 2013, many of which advertise online and operate by stealing the identity of an existing, real law firm.
This can be used as a method of stealing money from clients that are tricked into thinking they are dealing with a genuine law firm.
As well as bogus firms, the SRA said the use of harmful software has also been of increasing concern. Other potential risks include hacking and online activism – the guide recounted how in 2012 the ‘Anti-sec’ online activist group hacked into the servers of a Washington law firm that was acting for a US soldier convicted of war crimes in Iraq.
They obtained tens of thousands of e-mails and posted them online, including confidential information from unrelated cases.
A spokesman for the group said that they may attack others “if law firms stick their necks out in defence of notoriously corrupt corporations”.
Other real-life instances highlighted in the guide included a Canadian law firm working on a proposed acquisition of a Chinese company that was targeted by data thieves. Lawyers working on the deal received e-mails that appeared to be from a partner in the firm who was involved in the transaction.
The e-mails were actually a targeted phishing operation, and contained an attachment which installed a computer program on to the firm’s IT systems. This recorded data and information, and allowed the third party to access it. The attack was eventually traced to computers in China, with commercial espionage the presumed motive.
The SRA said that it did not intend to cause alarm. “There are simple steps that law firms can take to help protect themselves from criminals. These help to turn businesses from soft to hard targets.”
For example, it said commercial identity theft can be guarded against with many of the same concepts as used against personal identity theft, such as ensuring the secure destruction of documents that carry sensitive information about the firm.
The SRA also advised that firms should also at least occasionally monitor references to themselves online and on sites such as ‘Find a Solicitor’, which may help detect fake branches.
Andrew Garbutt, SRA director of risk, said the SRA e-mail scam “shows that the risks we are identifying are very real with genuine consequences, and that all firms should make themselves aware of the issues, assess how they could affect them and take steps to mitigate against them”.